(57) The present invention provides a digital certification system which allows a user to add information to
a digital certificate without requiring the re-issuance of the digital certificate and the invalidating of all
distributed copies of the previous certificate. The invention comprises a digital certificate and the associated
computer system and procedure which support its usage. The certificate of the present invention is split into two
components. One component (the "certificate index") is distributed to the user and the public. The other
component (the "certificate information") is maintained by the certification authority in a publicly available
trusted repository. In one embodiment, a certification authority generates a unique user ID for an applicant for a
digital certificate. The certification authority then issues a digital certificate index containing the unique user
ID, the user's public key, and the user's name. Unlike in the prior art, in the present invention, additional
certificate information (such as, for example, the user's E-mail address) is excluded from the digital certificate
index. Instead, such additional certificate information is maintained by a certification authority in a publicly
available trusted repository. The location of the additional information is indicated by the unique ID. Instead of
linking a public key, a user name, and the additional information, the digital certificate of the present invention
links a public key with an unchanging user ID, which indicates where the additional certificate information may be
found. The present invention thus allows a certification authority to change the additional certificate information
at the request of the user without requiring issuance of a new certificate.
Description

BACKGROUND OF THE INVENTION

1. FIELD OF THE INVENTION 

This invention relates to the field of public key cryptography systems, and in particular, to a digital
certification system.

2. BACKGROUND ART 

Electronic, computer based methods of doing business are increasingly displacing traditional paper based
methods. Electronic communications and electronic documents are replacing written contracts, orders, payment
instruments, account statements, invoices, and other paper documents.

Unlike their paper counterparts, electronic documents do not exist in physical form. Instead, they consist of sets of
digital data that may be stored on various types of digital storage media ranging from volatile internal RAM memory to
non-volatile ROM memory to magnetic and/or optical disk storage media, and that may be transmitted over various
computer communications links including local and wide area networks, and the Internet. Because electronic
documents do not have a physical form, the mechanisms devised to create legally binding paper instruments, such as
affixing a notarized signature, cannot be used for electronic documents. Accordingly, a need has arisen for alternative
mechanisms for creating and authenticating legally binding electronic documents and communications. Digital
encryption, digital message digests, digital signatures, and digital certificates are some of the existing cryptographic
tools that are being used in the present invention to address this need.

Two well known types of cryptography are secret key cryptography and public key cryptography.

Secret key cryptography is a symmetric form of cryptography in which a single key is used to encrypt and decrypt
an electronic document. To encrypt an electronic document, the electronic document and the secret key are supplied
to a hardware device or a software encryption program that transforms the electronic document into an encrypted
electronic document by means of an encryption process that uses the secret key and the electronic document as an input.
The original electronic document can only be obtained from the encrypted electronic document by applying a reverse
decryption process using the same secret key. Because the same secret key is used for encryption and decryption, both
the sender and the recipient of the encrypted electronic document must have a copy of the secret key. The security of
secret key cryptography can therefore be compromised by either the sender or the recipient.

Public key cryptography is an asymmetric form of cryptography that uses a two-key pair, typically referred to as a
public key and a private key. These two keys are different but constitute a matched pair. In public key cryptography,
electronic documents encrypted with either the public or private key of a public-private key pair can only be decrypted
using the other key of the key pair. For example, an electronic document encrypted with a public key can only be
decrypted using the corresponding private key. Conversely, an electronic document encrypted with a private key can only
be decrypted using the corresponding public key.

The terms "public" key and "private" key stem from a manner in which public key cryptography is often used. A party
A, concerned about privacy of its incoming communications, generates a public-private key pair, using cryptographic
hardware and/or software. Party A keeps its private key secret but freely distributes its public key. Party B, wishing to
send a confidential electronic document to party A, can encrypt its electronic document using party A's freely available
public key. Since the electronic document can then only be decrypted using the corresponding private key, party B can
be assured that only party A, in possession of the private key, will be able to decode the encrypted electronic document.

A number of uncertainties arise with respect to the use of public key cryptography. One uncertainty relates to the
identity of the owner of the private key that corresponds to the public key. It is possible, for example, that a public key
may be circulated that fraudulently purports to be the public key of party A, but the corresponding private key of which
is actually held by party C. A sender who encrypts a confidential communication to party A, using the public key the
sender believes belongs to party A, will instead be creating a confidential communication that can be decrypted and
read only by party C.

A second uncertainty from the perspective of the recipient relates to the identity of the sender of an encrypted
communication. Since the recipient's public key is freely distributed, encryption of a communication with the recipient's
correct public key does not provide any information concerning the sender, other than that the sender is someone who
has access to the recipient's public key. As public keys are often freely available from public key repositories, the sender
could be anyone.

A third uncertainty concerns the integrity of the communication - that is, there is an uncertainty as to whether the
communication received by the recipient is the actual communication sent by the sender. For example, the
communication may have been intercepted, modified, or replaced.

Digital signatures and digital certificates have been devised to address some of the uncertainties inherent in public
key cryptography.

One of the purposes of a digital signature is to link an electronic document with an owner of the private key
corresponding to a particular public key. Additionally, a digital signature can be used to determine whether an electronic
document has been altered during transmission of the document from the sender to the recipient.

One form of digital signature uses a message digest. A message digest is a value that is generated when an
electronic document is passed through a one way encryption process ("digesting process") such as a hashing routine. An
ideal digesting process is one for which the probability that two different electronic documents will generate the same
message digest is near zero. In this form of digital signature, both the sender and the recipient need to know which
digesting process is being used. The sender generates the electronic document and generates a message digest by
passing the electronic document through the digesting process. The sender encrypts the resulting message digest with
the sender's private key. The result, the encrypted message digest, then becomes the digital signature of the electronic
document. The digital signature may be appended to the electronic document or kept as a separate entity.

The recipient obtains the electronic document and the digital signature of the sender. The recipient decrypts the
digital signature using what the recipient believes to be the sender's public key, obtaining the decrypted message digest
X. The recipient processes the received electronic document using the digesting process, obtaining message digest Y.
The recipient then compares message digest Y to message digest X. If X = Y, the message digests are the same. This
verifies that the electronic document was (1) digitally signed by the private key corresponding to the public key used to
recover message digest X, and (2) that the electronic document content was not changed from the time that it was
signed to the time that the digital signature was verified. However, the uncertainty remains as to whether the public key
used by the recipient to decrypt the digital signature, which the recipient believes is the public key of the sender, is in
fact the sender's public key.

The effectiveness of the digital signature, as with other uses of public key cryptography, thus depends on the level of
confidence as to the identity of the holder of the private key corresponding to a particular public key.

Digital certificates are intended to provide a level of assurance as to the identity of the holder of the private key
corresponding to a particular public key. The issuers of digital certificates are called certification authorities. A digital
certificate constitutes a certification by a certification authority that a particular public key is the public key of a
particular entity, and that this entity is the holder of the corresponding private key.

Certification authorities are often commercial enterprises that collect fees for issuing digital certificates. To obtain
a digital certificate, an applicant submits an application for a digital certificate together with the applicant's public key
and some form of identity verification to a certification authority. The certification authority reviews the application, and
if the application meets the criteria established by the certification authority, issues a digital certificate to the applicant.

The digital certificate itself is an electronic document. Although a variety of formats exist, a digital certificate
typically includes, among other items, the name of the certification authority, the name of the certificate holder, the
expiration date of the certificate, the public key of the certificate holder, and the digital signature of the certification
authority. The digital certificate constitutes a certification by the certification authority that the holder of the certificate
is the owner of the public key specified in the certificate, and, by implication, therefore the holder of the corresponding
private key.

The authenticity of a digital certificate is tested by verifying the certification authority's digital signature using the
certification authority's public key. The level of assurance provided by a digital certificate depends on a number of
factors, including the reputation of the certification authority issuing the certificate, the thoroughness of the procedures
used by the certification authority in issuing the certificate, and the level of confidence in the certification authority's
public key. Some certification authorities issue different levels of certificates, corresponding to different levels of
investigation performed by the certification authority during evaluation of an application.

The authenticity of a digital signature depends largely on the authenticity of the public key used by a recipient to
test the digital signature. A digital certificate may be used to help authenticate a digital signature by verifying the
authenticity of the certificate holder's public key. The digital certificate may be appended to an electronic document or
the recipient of an electronic document may obtain a copy of the certificate from the issuing certification authority or
other certificate repository.

Digital certificates may be represented according to X.509, which is an ISO (International Standards Organization)
standard. Under the X.509 standard, a certification authority uses a unique name for each user and issues a digitally
signed certificate containing the unique user name and public key, and all other identifying attributes associated with
the user. Examples of such identifying attributes are the certification authority "Certification Practices Statement",
employer name, date of birth, Social Security Number, and so forth. Version 3 of the X.509 standard allows 'certificate
extensions' to include user defined parameters and data.

The unique user name is commonly created using the hierarchical structure defined in the X.500 ISO standard, and
is referred to as a 'distinguished name'.

Although not considered a digital certificate, a public key certification mechanism is used in the Pretty Good Privacy™
("PGP") cryptographic system.

PGP is a public key cryptographic system originally developed by Phil Zimmerman that is available in commercial
and freeware versions. The commercial version of PGP is distributed by ViaCrypt. It includes utilities for generating
public-private key pairs, for encrypting, for digitally signing, for decrypting electronic documents, and for verifying
digital signatures.

PGP also includes utilities for managing keys. Keys are stored in files referred to as key rings. There is a public key
ring containing public keys and a private key ring containing private keys. Each private key stored in the private key ring
is encrypted using a symmetrical encryption key referred to as a pass phrase. The public key structure of PGP allows
keys to be certified.

PGP allows a user to certify public keys contained in the user's public key ring. Typically the public key ring contains
the user's own public key, as well as public keys of other entities obtained by the user. The user may certify a public key
if the user is confident as to the authenticity of the public key. The PGP certification process appends the digital
signature of the certifying user to the public key being certified, along with the key ID of the person doing the
certification and the certification date. PGP allows a key to be certified by more than one person. Subsequent
certifications of this key by other persons are appended to the public key.

A PGP certified key is not a digital certificate. The presence of a digital signature from a Trusted Third Party, and
reference to the circumstances under which the certification was issued, are necessary in a digital certificate.

Additional information about PGP and X.509 is found in "Applied Cryptography," Bruce Schneier, John Wiley &
Sons, 1996, incorporated by reference herein.

To effectively use digital certificates to certify the authenticity of electronic documents, the recipient of an electronic
document must be able to identify with certainty the public key that corresponds to the user name used by the sender
of the electronic document.

Users occasionally want or need to change the information contained in their digital certificate. In the prior art, each
digital certificate associates a public key with the user name and other user information contained therein. The entire
digital certificate is digitally signed by the certification authority. A user cannot change any of the certificate information
without invalidating the certificate, since any change would modify the message digest of the certificate.

Any change in the data included in the prior art digital certificate requires the certificate to be reissued, and all
instances of the previous certificate to be invalidated. Such a process is highly ineffective and virtually impossible to
accomplish.

Accordingly, there is a need for a means that allows more efficient and flexible digital certification.

SUMMARY OF THE INVENTION 

The present invention provides a digital certification system which allows a user to add information to a digital
certificate without requiring the re-issuance of the digital certificate and the invalidating of all distributed copies of the
previous certificate. The invention comprises a digital certificate and the associated computer system and procedure which
support its usage.

The digital certificate of the present invention is split into two components. One component (the "certificate index")
is distributed to the user and the public. The other component (the "certificate information") is maintained by the
certification authority in a publicly available trusted repository.

In one embodiment, a certification authority generates a unique user ID for an applicant for a digital certificate. The
certification authority then issues a digital certificate containing, in the certificate index, the unique user ID, the user's
public key, and the user's name. Unlike in the prior art, in the present invention, additional certificate information (such
as, for example, the user's E-mail address, or biometric information) is excluded from the digital certificate index.
Instead, such additional certificate information is maintained by the certification authority in a publicly available trusted
repository.

Access to the additional certificate information is obtained through the unique user ID in the certificate index.
Instead of linking a public key, a user name, and the additional information, the digital certificate of the present invention
links a public key with an unchanging user ID, which allows access to the additional certificate information. The present
invention thus allows the certification authority to change the additional certificate information at the request of the user
without requiring issuance of a new certificate.

A user wishing to send an electronic document to a recipient generates the electronic document, digitally signs it
with the user's private key, optionally encrypts the document with the recipient's public key, and sends the electronic
document to the recipient.

The recipient of an electronic document must have access to the digital certificate associated with the key used to
digitally sign the electronic document. The digital certificate may be, for example, attached to the electronic document,
may be obtained from the issuing certification authority, may already be on file in the recipient's computer system, or
may be obtained from a third party.

In one embodiment of the invention, the steps for validating an electronic document include: 1) verifying that the
digital certificate is properly signed by the issuing certification authority; 2) verifying that the electronic document is
signed by the user described in the digital certificate; 3) verifying that the certificate is valid and has not expired or been
revoked; and 4) accessing the additional certificate information linked to the digital certificate maintained in the trusted
data repository.

The digital certificate of this invention may be represented in different embodiments using the X.509 standard
syntax, or it may be a clear text certificate, or may use other representations, such as, for example, the PGP data structure.

The digital certificate of the invention may be used to authenticate public keys, for use in verification of digital
signatures, for use in encryption, and for any other uses of public keys.

BRIEF DESCRIPTION OF THE DRAWINGS

Figure 1 is a schematic diagram illustrating participants involved in one embodiment of the present invention.

Figure 2 shows a format of a prior art digital certificate.

Figure 3 is an example of a prior art digital certificate.

Figure 4 shows a format of a digital certificate index according to one embodiment of the present invention.

Figure 5 is an example of a digital certificate index constructed according to one embodiment of the present
invention.

Figure 6 shows a format of certificate information contained in a repository according to one embodiment of the
present invention.

Figure 7 is an example of certificate information contained in a repository according to one embodiment of the
present invention.

Figure 8 shows a format of a digital certificate information contained in a repository according to one embodiment
of the present invention.

Figure 9 is an example of a digital certificate information contained in a repository according to one embodiment of
the present invention.

Figure 10 is a flowchart for applying for a digital certificate according to one embodiment of the present invention.

Figure 11 is a flowchart describing one embodiment of a validation process that uses a digital certificate of the
present invention.

DETAILED DESCRIPTION OF THE INVENTION

The present invention is a digital certification system that may be used in electronic communication and commerce.
In the following description, numerous specific details are set forth to provide a more thorough description of the present
invention. It will be apparent, however, to one skilled in the art, that the present invention may be practiced without these
specific details. In other instances, well known features have not been described in detail so as not to obscure the
present invention.

Figure 1 is a schematic diagram illustrating participants involved in one embodiment of the present invention. As
shown in Figure 1, participants involved in this embodiment include an originating party or "user" 100 and a receiver
120. User 100 is the party that wishes to have its public key certified by Certification Authority 160. Certification
Authority 160 is an individual or enterprise that has access to the apparatus of the present invention and that has been
authorized to use the method of the present invention. In the embodiment of Figure 1, user 100 has a user computer 110,
which may, for example, be a personal computer running Microsoft Windows 95. Receiver 120 also has a receiver
computer 130, which may, for example, be a personal computer running Microsoft Windows 95. Certification Authority
160 has a repository 150 and a Certification Authority computer 140, which may, for example, be a personal computer,
a workstation or a mini or main frame computer.

A digital certificate is a computer-based record containing someone's public key, signed by a trustworthy person or
party. Certificates are designed and implemented to prevent attempts to substitute one key for another. When a key is
digitally certified, the correspondence between the key and its owner is publicly verified.

Figure 2 shows a block diagram of an example of a prior art digital certificate. As shown in Figure 2, a digital
certificate 200 includes a certificate version number 210, a serial number 220, a digital signature algorithm identifier 230,
certification authority (CA) information 240, a period of validity 250, a user name 260, a user public key 270, additional
user information such as the user's E-mail address, biometric information, and date of birth 280, and the CA's digital
signature 290.

The serial number 220 is generated by the certification authority. In one prior art example, the certification authority
generates the serial number by passing the user's public key through a message digesting (MD) algorithm. The period
of validity is assigned by the certification authority, and may, for example, be a period of one year. The user name 260
is created and assigned by the user. The user name, therefore, may not be unique. The digital signature of the
certification authority consists of a message digest of all the fields of the certificate encrypted using the certification
authority's private key.

Figure 3 is an example of a prior art certificate using the structure shown in Figure 2. As shown in Figure 3, digital
certificate 300 includes a version number 310, a serial number 320, a digital signature algorithm identifier 330,
certification authority information 340, a validity period 350, a user name 360, a user public key 370, additional user
information 380, and a CA digital signature 390. CA information 340 identifies the particular certification authority that
issued the certificate. Validity period 350 indicates the period of validity for the particular certificate. User public key 370
comprises the public key of the user. User name 360 includes the user's name as well as information about the user's
location and organizational affiliation.

In Figure 3, the CA's digital signature is generated using a message digest (MD) algorithm such that:

$$\text{Signature} = \text{Encrypt}_{\text{CA priv. key}}\big(\text{MD}(\text{Version No., Serial No., Digital Signature Algorithm Identifier, CA Information, Validity Period, User Name, User Public Key, Additional User Information})\big) \qquad (1)$$

Any suitable message digest algorithm can be used to generate the digital signature. Some popular MD algorithms
include the MD2 and MD5 algorithms developed by Ron Rivest. A message digest algorithm essentially takes
an arbitrary-length message and applies a one-way hash function to return a fixed length value. Message digest
algorithms are designed so that it is easy to calculate a hash value from a given message, but it is infeasible to derive a
message from a given hash value.

According to eq. (1), after a message digest is calculated based upon the version number, serial number, digital
signature algorithm identifier, the CA's information, the period of validity, the user's name, the user's public key, and the
additional user data, the certification authority encrypts the message digest with the certification authority's private key,
generating the certification authority's digital signature. The digital signature prevents anyone from changing any of the
data used to generate the signature (i.e. the serial number, issuer name, period of validity, user's name, the user's public
key, or the additional user data).

Any entity that has access to the certification authority's public key can decrypt the digital signature and verify the
contents of the digital certificate by comparing the message digest obtained by decrypting the digital signature with the
message digest obtained by running the data contained in the certificate through the appropriate hashing function. If
anyone has changed any of the information contained in the digital certificate, the message digests won't match.

The signature generated according to eq. (1) includes an association between (i) the user name and additional user
information such as the user's address or E-mail address, user's biometric information, and the user's date of birth
(which will be referred to in the aggregate as "user information"), and (ii) the user's public key. This association exists
because when the certification authority's digital signature is generated, each of the user name, the additional user
information, and the user's public key are involved. Consequently, in the prior art, when the user changes any of the
user information, the existing certificate can no longer be used, because the digital signature contained in the certificate
will not match the message digest obtained using the new user information. A new certificate must be issued,
containing a new digital signature of the certification authority generated using the new user information.

Accordingly, the prior art digital certificate system is inflexible, especially when the user wishes to change any of
the user information associated with the public key validated by the certificate. As can be seen from eq. (1), in the prior
art, the certification authority's digital signature authenticating the certificate is obtained by applying an MD algorithm
to data that includes all of the user information and the user's public key. Thus, when user information is changed, the
existing certificate is no longer valid since the current signature is valid only for the old user information. Consequently,
a new certificate has to be generated that contains the new user information.

Thus, the prior art method becomes inefficient and inflexible due to the need to create new certificates and remove
old certificates when there are changes in user information. A user may desire to change the user information relatively
frequently, for example, due to a change in Internet service provider, a change in job, or a change in marital status, etc.
Requiring re-certification because of such user information changes is inconvenient and inefficient.

The certificate of the present invention is split into two components. One component (the "certificate index") is
distributed to the user and the public. The other component (the "certificate information") is maintained by the
certification authority in a publicly available trusted repository.

Figure 4 is a schematic diagram illustrating the format of a digital certificate index according to one embodiment of
the present invention. As shown in Figure 4, digital certificate index 400 does not contain user information other than
the user name. Instead, in addition to the version number 410, digital signature algorithm identifier 430, user name 465,
and user public key 470, digital certificate index 400 also includes a unique user ID 480. The unique user ID 480 is
assigned to a user by a certification authority and contains a user identification code that is selected to have a high
degree of uniqueness.

The unique user ID may contain any alphanumeric code as generated by the certification authority, but preferably
excludes data that might be subject to change. The unique user ID is designed to positively identify the subject over the
life of the certificate regardless of changes to the user information. In one embodiment, for example, the unique user ID
comprises the URL (Uniform Resource Locator) in an Internet server computer maintained by the certification authority
that contains a copy of the digital certificate information. In this case the unique user ID not only uniquely identifies the
user, but also identifies the Internet location at which an original copy of the digital certificate information can be found.
The unique user ID acts as a pointer to a repository containing the additional certificate information.

Instead of creating an association between a user's public key and user information that is subject to change, the
present invention creates a new association between the user's public key and an unchanging unique user ID.
Changeable user information, instead of being included in the certificate index, is maintained at a location indicated by
the unique user ID.

The digital certificate index of Figure 4, unlike prior art certificates, also does not include a period of validity.
Because this information, like the additional user information, is subject to change, it is not contained in the certificate
index, but is stored in the repository together with the additional user information.

Figure 5 is an example of a digital certificate index constructed according to the present invention using the format
of Figure 4. As shown in Figure 5, digital certificate index 500 includes a version number 510, a digital signature
algorithm identifier 530, a user name 565, a user's public key 570, a unique user ID 580 assigned to the applicant by the
certification authority, and the CA's digital signature 590 of the certificate index. In this particular example, the user ID
"HTTPS://SWWW.ARCANVS.COM/CERTS/D71C5791" has been created and assigned to the applicant by the
certification authority.

According to one embodiment of the present invention, the certification authority's digital signature 590 of digital
certificate index 500 is generated as follows:

Signature = Encrypt_{CA priv. key}(MD(Version No., Digital Signature Algorithm Identifier, User Name, User Public Key, User ID))    (2)

According to eq. (2), the certification authority's signature 590 is generated by first generating a message digest
based on the Version Number 510, Digital Signature Algorithm Identifier 530, User Name 565, User Public Key 570, and
User ID 580. Any suitable message digest algorithm can be used. The certification authority's digital signature is
completed by encrypting the message digest with the certification authority's private key.

It will be appreciated by one skilled in the art that any suitable encryption algorithm can be used in conjunction with
the present invention to generate a digital signature and verify it, such as, for example, PGP from ViaCrypt. As shown
in Figure 5, a certificate may also have a separate "Algorithm" field such as field 530 to identify the algorithm that is
used to generate the certification authority's digital signature.

The digital signature according to eq. (2) does not include the prior art's association between the subject's public
key and changeable user information and eliminates the need to generate a new certificate every time there is a change
in user information. Accordingly, when the user changes any of the user information (except for the user name) the
validity of the certificate index is not affected because such information is not included in the certificate index and is not
involved in generating the certification authority digital signature of the certificate index. The digital signature, and
therefore the certificate index, remains valid as long as the contributing variables such as the user's public key and the unique
user ID assigned by the certification authority remain the same. This flexibility of the present invention allows the users
to make changes to user information while maintaining the validity of the digital certificate. There is now no need to
generate a new certificate every time there is a change to the user information. Instead, the current certificate can still be
used with the updated user information.

In one embodiment of the present invention, digital certificates are maintained in a certificate repository. A
certificate repository is a system that stores and retrieves digital certificates and other information that is relevant to digital
signatures. The database in the certificate repository is maintained by a system that guarantees secure storage. In one
embodiment, the unique user IDs assigned by a certification authority represent URLs in one or more Internet server
computers maintained by the certification authority, and each certificate is stored at an Internet location that
corresponds to the URL represented by the unique user ID of that certificate.

Figure 6 shows a format of certificate information contained in a repository according to one embodiment of the
present invention. The certificate information 600 includes a version number 610, a serial number 620, a digital
signature algorithm identifier 630, certification authority (CA) information 640, a period of validity 650, a user name 660, a
user's public key 670, other user data such as the user's E-mail address and date of birth 680, and a CA's digital
signature of the certificate information 690. Thus, certificate information 600 can be used to provide information that is not
available from certificate index 500. For example, information about the period of validity, CA information, and the user's
E-mail address, if not included in the user's digital certificate, can be obtained from certificate information 600.

Figure 7 is an example of certificate information contained in a repository according to the embodiment of Figure
6. As shown in Figure 7, the user information includes a version number 710, a serial number 720, a digital signature
algorithm identifier 730, certification authority (CA) information 740, a period of validity 750, a user name 760, a user's
public key 770, other user data 780, and a CA's digital signature 790 of the certificate information. Certification authority
(CA) information 740 includes the location and name of a CA organization, and its organizational unit. For this particular
embodiment, user name 760 includes a user name, the user's country and location, the user's organization name, and
the user's organizational unit. In other data field 780, a user's E-mail address and date of birth are included.

Figure 8 shows a format of a digital certificate index contained in a repository according to one embodiment of the
present invention. The format shown in Figure 8 is the same as that of the digital certificate index of Figure 4. As shown
in Figure 8, digital certificate index 800 includes a version number 810, a digital signature algorithm identifier 830, a
user name 865, a user public key 870, a unique user ID 880, and a CA's digital signature 890 of the digital certificate
index.

Figure 9 is an example of a digital certificate index contained in a repository according to the embodiment of Figure
8. As shown in Figure 9, the digital certificate index includes a version number 910, a digital signature algorithm
identifier 930, a user name 965, a user's public key 970, a unique user ID 980, and a CA's digital signature 990 of the digital
certificate index.

Figure 10 shows a flowchart for applying for a digital certificate according to one embodiment of the present
invention. The particular embodiment of Figure 10 can be used with any appropriate cryptographic system, including, for
example, PGP. Referring to Figure 10, in step 1001, an applicant obtains a certificate application form from a
certification authority, for example by using an FTP download or an E-mail request, and completes the application form by
supplying the information specified in the form. In one embodiment, this information includes the applicant's public key as
well as identifying information about the applicant.

In one embodiment, the completed certificate application must be verified by a publicly trusted party such as a
notary. In this embodiment, in step 1002, the applicant appears before a notary approved by a certification authority and
signs the application form with the applicant's private key in the presence of the notary. In step 1003, the notary verifies
the applicant's identity, notarizes the application, and digitally signs the notarized application. One process that may be
used by the notary to notarize the application is described in co-pending application serial no. 08/800,560 entitled
"Method and Apparatus for Authenticating Electronic Documents," assigned to the assignee of the present invention
and incorporated by reference herein. In an alternate embodiment of the present invention, the notarization is not a
requirement for a certificate application, and steps 1002-1003 may be omitted. The applicant encrypts the notarized
application at block 1004, and sends the encrypted application to the certification authority at block 1005. In an
alternate embodiment, steps 1004 and 1005 are performed by the notary instead of the applicant. In an alternate
embodiment, step 1004 may be omitted.

The certification authority verifies the information contained in the certificate application in step 1006. In step 1007,
the certification authority generates a unique user ID and builds a certificate. The certification authority appends a
certification authority digital signature to the certificate index and to the certificate information in step 1008 as described
with respect to Figures 4 and 5, and forwards the certificate index to the applicant in step 1009. In step 1010, the
certification authority posts the certificate index and the certificate information in the certification authority's certificate
repository.

Figure 11 is a flowchart describing one embodiment of a digital signature validation process that uses a digital
certificate of the present invention. Referring to Figures 1 and 11, in step 1101, a receiver such as receiver 120 of Figure
1 receives a digitally signed electronic document from a sender such as user 100 of Figure 1. In step 1101, the receiver
obtains the digital certificate index associated with the sender to validate the electronic document. The digital certificate
index may be attached to the electronic document, may be obtained from CA repository 150, may already be on file in
receiver computer 130, or may be obtained from a third party.

In step 1103, the receiver verifies the authenticity of the digital certificate index obtained in step 1102 by checking
the digital signature of the issuing CA on the digital certificate. For example, if the digital certificate index has a form
shown in Figure 9, the receiver decrypts CA's digital signature 990 using the CA's public key (to which the receiver has
access), and obtains a first, decrypted message digest. The receiver uses the algorithm identified in algorithm identifier
930 to obtain a second message digest by applying the message digest algorithm to version number 910, digital
algorithm identifier 930, user name 965, user's public key 970 and user ID 980. The receiver then compares the two
message digests. If they match, the receiver is assured of the authenticity of the digital certificate index and its content
including the authenticity of the sender's public key.

After verifying the digital certificate in step 1103, the receiver verifies the authenticity of the electronic document in
step 1104. For example, the receiver uses the sender's public key as obtained from user public key 970 of the digital
certificate index in Figure 9 to decrypt the sender's digital signature for the received electronic document. The receiver
verifies the authenticity of the decrypted sender's digital signature by, for example, generating a message digest of the
received electronic document and comparing the generated message digest with the sender's decrypted digital
signature.

If desired, the receiver may also obtain additional certificate information from the repository using the user ID from
the digital certificate index as a pointer in step 1105. For example, the receiver may obtain a period of validity from the
repository to validate the digital certificate in step 1106.

Although steps 1105 and 1106 are performed after step 1104 in Figure 11, it is also possible to perform steps 1105
and 1106 before step 1104 and anywhere after step 1102 in alternate embodiments.
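
The issuance steps 1007-1010 of Figure 10 and the receiver checks 1103-1106 of Figure 11 can be traced in a short Python sketch. This is an added example, not part of the patent: SHA-256 stands in for the message digest, textbook RSA over fixed Mersenne primes stands in for "encrypting the digest with the private key" (a toy, not a secure signature scheme), a dict stands in for the repository, and all function names, the URL and the sample data are constructed.

```python
import hashlib

E = 65537  # public exponent shared by both toy keys

def toy_keypair(p, q):
    """Textbook RSA from two known primes (illustration only, not secure)."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def digest(fields):
    """Message digest over length-prefixed fields so boundaries are unambiguous."""
    h = hashlib.sha256()
    for field in fields:
        data = str(field).encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return int.from_bytes(h.digest(), "big")

def sign(priv, fields):
    """'Encrypt' the message digest with the private key, as in eq. (2)."""
    n, d = priv
    return pow(digest(fields), d, n)

def verify(pub, fields, signature):
    """'Decrypt' the signature with the public key and compare the two digests."""
    n, e = pub
    return pow(signature, e, n) == digest(fields)

# Field order of eq. (2): only data that is not expected to change.
INDEX_FIELDS = ("version", "algorithm", "user_name", "user_public_key", "user_id")

def issue_index(ca_priv, user_name, user_pub, user_id):
    """Steps 1007-1008: build the certificate index and append the CA signature."""
    index = {"version": 2, "algorithm": "SHA-256 digest, toy RSA",
             "user_name": user_name, "user_public_key": user_pub, "user_id": user_id}
    index["ca_signature"] = sign(ca_priv, [index[k] for k in INDEX_FIELDS])
    return index

def post_info(ca_priv, repo, user_id, info):
    """Step 1010: sign the changeable certificate information, store it at user_id."""
    repo[user_id] = dict(info, ca_signature=sign(ca_priv, sorted(info.items())))

def validate(ca_pub, repo, index, document, doc_signature, today):
    """Receiver side, steps 1103-1106. Returns "ok" or the name of the failed check."""
    if not verify(ca_pub, [index[k] for k in INDEX_FIELDS], index["ca_signature"]):
        return "bad index signature"                      # step 1103
    if not verify(index["user_public_key"], [document], doc_signature):
        return "bad document signature"                   # step 1104
    record = repo.get(index["user_id"])                   # step 1105: ID is the pointer
    if record is None:
        return "no repository record"
    info = {k: v for k, v in record.items() if k != "ca_signature"}
    if not verify(ca_pub, sorted(info.items()), record["ca_signature"]):
        return "bad repository signature"
    if not info["valid_from"] <= today <= info["valid_until"]:
        return "outside validity period"                  # step 1106
    return "ok"

def demo():
    # Constructed sample data: Mersenne primes give reproducible toy keys.
    ca_pub, ca_priv = toy_keypair(2**521 - 1, 2**607 - 1)
    user_pub, user_priv = toy_keypair(2**1279 - 1, 2**2203 - 1)
    repo, uid = {}, "https://ca.example/certs/0001"
    index = issue_index(ca_priv, "John Smith", user_pub, uid)
    info = {"email": "john@old.example", "valid_from": "1995-09-22",
            "valid_until": "1995-11-21"}
    post_info(ca_priv, repo, uid, info)
    document = "constructed purchase order"
    doc_sig = sign(user_priv, [document])
    before = validate(ca_pub, repo, index, document, doc_sig, "1995-10-01")
    # The user changes e-mail address: only the repository record is re-signed.
    post_info(ca_priv, repo, uid, dict(info, email="john@new.example"))
    after = validate(ca_pub, repo, index, document, doc_sig, "1995-10-01")
    expired = validate(ca_pub, repo, index, document, doc_sig, "1996-01-01")
    # Swapping the public key in a distributed index breaks the CA signature.
    forged = validate(ca_pub, repo, dict(index, user_public_key=ca_pub),
                      document, doc_sig, "1995-10-01")
    return before, after, expired, forged

if __name__ == "__main__":
    print(demo())
```

The second result is the point of the scheme: the e-mail address changed in the repository while the distributed index and its CA signature stayed untouched.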

Thus, a method and apparatus for implementing a digital certification system have been described. The present
invention overcomes the limitations of prior art certificates by assigning a unique user ID to a user, and by dividing
information related to the certificate into two sets of information. The first set of information, which comprises the user's
public key and the unique user ID, is included in the digital certificate index. The second set of information is stored in a
repository location identified or pointed to by a pointer, for example the unique user ID contained in the first set of
information. Thus the certificate information (i.e., the second set of information) can be changed without requiring the
re-issuance of a new certificate. It is understood that particular embodiments described herein are illustrative and the
present invention is not limited to these particular embodiments. It will be apparent to those skilled in the art that
changes can be made in the various details described herein without departing from the scope of the invention. The
present invention is defined by the claims and their full scope of equivalents.

The features disclosed in the foregoing description, in the claims and/or in the accompanying drawings may, both
separately and in any combination thereof, be material for realising the invention in diverse forms thereof.

Claims 

1. A digital certificate for authenticating an association between a user and a public key of said user; said digital
certificate comprising a first set of data related to said digital certificate; said first set of data comprising:

said public key of said user;

an indicator identifying a location for obtaining a second set of data related to said digital certificate.

2. The digital certificate of claim 1 further comprising a digital signature comprising an encrypted message digest of
said first set of data.

3. The digital certificate of claim 1 wherein said indicator comprises a unique user ID.

4. The digital certificate of claim 3 wherein said unique user ID comprises an Internet address.

5. The digital certificate of claim 4 wherein said Internet address comprises a URL (Uniform Resource Locator).

6. The digital certificate of claim 5 wherein said URL comprises identifying information of a digital certificate.

7. The digital certificate of claim 4 wherein said Internet address is the Internet address of a repository.

8. The digital certificate of claim 3 wherein said indicator is generated by a certificate issuer.

9. The digital certificate of claim 1 wherein said second set of data comprising a digital signature comprises an
encrypted message digest of said second set of data.

10. The digital certificate of claim 9 wherein said second set of data comprises a period of validity.

11. A method for issuing a digital certificate authenticating an association between a user and a public key of said user,
said method comprising the steps of:

receiving a certificate application, said application comprising said public key of said user and information
related to said user;

generating a pointer to a storage system;

constructing a digital certificate comprising a first set of data comprising:

said pointer;

said public key of said user; and

a first portion of said information related to said user;

storing a second set of data comprising a second portion of said information related to said user in said storage
system.

12. The method of claim 11 further comprising the steps of:

generating a message digest of said first set of data;

encrypting said message digest with a private key to generate a digital signature for said digital certificate.

13. The method of claim 11 further comprising the steps of:

generating a message digest of said second set of data;

encrypting said message digest with a private key to generate a digital signature for said digital certificate.

14. The method of claim 11 wherein said first set of data comprises a version number and a digital signature algorithm
identifier.

15. The digital certificate of claim 11 wherein said second set of data comprises a period of validity.

16. The method of claim 11 in which said certificate application comprises a digital signature.

17. The method of claim 11 wherein said pointer comprises a unique user ID.

18. The method of claim 17 wherein said unique user ID comprises a URL (Uniform Resource Locator).

19. The method of claim 18 wherein said URL comprises identifying information of a certificate repository.

20. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the
machine to perform method steps for authenticating an association between a user and a public key, said method
comprising the steps of:

receiving a certificate application from said user, said application comprising a public key of said user and user
data;

verifying said user data;

generating a unique user ID pointing to a repository;

constructing a digital certificate comprising a first set of data comprising:

said unique user ID;

said public key of said user;

generating a message digest of said first set of data;

encrypting said message digest with a private key to generate a digital signature of said digital certificate;

storing a second set of data comprising a portion of said user data in said repository.

21. The program storage device of claim 20 wherein said method further comprises the steps of:

generating a message digest of said second set of data;

encrypting said message digest with a private key to generate a digital signature of said second set of data.

22. The program storage device of claim 20 wherein said second set of data further comprises a period of validity.

23. The program storage device of claim 20 in which said certificate application comprises a digital signature.

24. The program storage device of claim 21 in which said private key is a private key of a certificate issuer.

25. The program storage device of claim 20 wherein said method further comprises the step of:



EP0869 637A2 

storing a copy of said digital certificate in said repository.

26. The program storage device of claim 20 wherein said unique user ID comprises a URL.

27. An article of manufacture comprising:

a computer usable medium having computer readable program code embodied therein for authenticating an
association between a user and a public key, the computer readable program code in said article of
manufacture comprising:

computer readable code configured to cause a computer to receive a certificate application, said application
comprising a public key of said user and information related to said user;

computer readable code configured to cause said computer to generate a pointer to a storage system;

computer readable code configured to cause said computer to construct a digital certificate comprising a first
set of data comprising:

said pointer;

said public key of said user; and

a first portion of said information related to said user;

computer readable code configured to cause said computer to store a second set of data comprising a second
portion of said information related to said user in said storage system.

28. The article of manufacture of claim 27 further comprising:

computer readable code configured to cause said computer to generate a message digest of said first set of
data;

computer readable code configured to cause said computer to encrypt said message digest with a private key
to generate a digital signature for said digital certificate.

29. The article of manufacture of claim 27 in which said certificate application comprises a digital signature.

30. The article of manufacture of claim 27 wherein said pointer comprises a unique user ID.

31. The article of manufacture of claim 30 wherein said unique user ID comprises a URL (Uniform Resource Locator).

32. The article of manufacture of claim 27 wherein said first set of data comprises a version number and a digital
signature algorithm identifier.



33. The article of manufacture of claim 27 wherein said second set of data comprises a period of validity.

34. A method for verifying the authenticity of an electronic document based on digital certification, wherein said
electronic document is digitally signed by a sender and said digital certificate is issued by a certificate issuer, said
method comprising the steps of:

obtaining a digital signature of said electronic document signed by said sender;

obtaining a digital certificate for said sender, wherein said digital certificate comprises a unique user ID and a
public key of said user, said unique user ID uniquely identifying a location in a repository;

obtaining user information from said repository location using said unique user ID;

verifying an authenticity of said electronic document using said public key of said sender.

35. The method of claim 34 wherein said user information comprises a period of validity.

FIG. 3



310 Version Number: 2 

320 Serial Number: 02:41:00:00:16 

330 Digital Signature Algorithm Identifier: MD5 for Message Digest 

340 Certification Authority (CA) Country: US 

CA Locality: Redwood City, California 

CA Organization: RSA Data Security Inc. 

CA Organizational Unit: Commercial Certification Authority

350 Valid From: Sep 22, 1995 

Valid Until: Nov 21, 1995 

360 User Country: US 

User Locality: Mountain View, California 
User Organization: Netscape Communications Corp. 
User Organizational Unit: Test CA 
User Name: John Smith 

370 User Public Key:

380 Other Data 

User E-Mail: John.Smith@school.edu 
User Date of Birth: Jul 4, 1948

390 CA Signature:

FIG. 5



510 Version Number: 2 

530 Digital Signature Algorithm Identifier: MD5 for Message Digest

565 User Name: John Smith 

570 User Public Key:

580 User ID: https://SWWW.ARCANVS.COM/CERTS/D71C5791 

590 CA Signature:

FIG. 7

710 Version Number: 2 

720 Serial Number: D71C5791 

730 Digital Signature Algorithm Identifier: MD5 for Message Digest

740 Certification Authority (CA) Country: US 

CA Locality: Redwood City, California 

CA Organization: RSA Data Security Inc. 

CA Organizational Unit: Commercial Certification Authority 

750 Valid From: Sep 22, 1995 

Valid Until: Nov 21, 1995 

760 User Country: US 

User Locality: Mountain View, California
User Organization: Netscape Communications Corp. 
User Organizational Unit: Test CA 
User Name: John Smith 

770 User Public Key:

780 Other Data 

User E-Mail: John.Smith@school.edu
User Date of Birth: Jul 4, 1948

790 CA Signature:

FIG. 9

910 Version Number: 2 

930 Digital Signature Algorithm Identifier: MD5 for Message Digest 

965 User Name: John Smith 

970 User Public Key:

980 User ID: HTTPS://SWWW.ARCANVS.COM/CERTS/D71C5791

990 CA Signature: